macOSLAPS
Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows (by joshua-d-miller)
access-manager
Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way. (by lithnet)
| macOSLAPS | access-manager | |
|---|---|---|
| 27 | 22 | |
| 365 | 230 | |
| - | 0.9% | |
| 0.0 | 4.2 | |
| about 1 year ago | 9 months ago | |
| Swift | C# | |
| MIT License | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macOSLAPS
Posts with mentions or reviews of macOSLAPS.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-10.
-
Best practice for MacOS control + user experience in Intune. (Autopilot for Macs to Intune)
LAPS isn't natively supported but once again there's a third-party solution
- Simple App to help Mac Admins
-
Mac user password resets
As others have mentioned, a second account with admin privileges might be your best bet. If you're going to go that route, you may want to implement macoslaps along with that. Macoslaps randomizes the local admin password which comes in handy if you need to give the password to someone. It used to be only for Active Directory joined Macs but now can be used without an active directory (via MDM). Here's the link for more info: This goes on the clients - https://github.com/joshua-d-miller/macOSLAPS
-
Anyone know if macOSLAPS will work with the new Windows LAPS update Microsoft just announced?
We use MacOSLAPS on our Mac clients to randomize the admin password on those machines: https://github.com/joshua-d-miller/macOSLAPS
-
The Active Directory team has delivered LAPS natively to Windows 10 & 11, #WindowsServer 2019 & 2022 with this month’s Patch Tuesday!
And that implementation is why when I set this up at $oldJob I set the RemovePassChars key to all ambiguous characters I had run into on the Microsoft product.
-
First Post - a stupidly specific failure
I believe setting something like macOSLAPS up will also resolve the issue since the automatically created local account would authenticate and update it's password silently.
- is it possible to see what account made changes to the system?
-
Need advice for securing company laptops
There are a variety of alternatives, such as https://github.com/joshua-d-miller/macOSLAPS
- Create a standard account, no admin account
- Mac User accounts
access-manager
Posts with mentions or reviews of access-manager.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-12-08.
-
item level targeting
i use https://github.com/lithnet/access-manager as a pam. it gives you more control and insight into who is using admin access and that they only have it for a short period of time.
-
How to find out how many users have been given local admin rights on their machines?
That's where JIT credentials come into play for people that need to install their own software. You can fairly easily set up something like that with LAPS or Lithnet (or both, https://github.com/lithnet/access-manager). If you have that many endpoints that need that much admin access, then any sort of ransomware is going to mess things up real fast if it gets in, and you'll be spending a lot more than 30-40 hours just getting things back up and running.
-
Resetting Password permissions
or you could use https://github.com/lithnet/access-manager
- LAPS in small organization
- How does LAPS make things more secure?
- How do you manage users that need temp Admin access to company owned assets?
- Users needing local admin rights
-
Exporting LAP a good idea?
For example, Lithnet Access Manager is a relatively low-cost and open-source solution that can be rolled out in tandem with LAPS and then replace it if you need the extra features.
-
On premises MFA requirements conflicts with LAPS usage
Just in time Access, this is what I setup on our domain, I'm sure there are others but this is free and easy to setup. The Enterprise Edition is cheap as well. https://github.com/lithnet/access-manager
- PCI and LAPS
What are some alternatives?
When comparing macOSLAPS and access-manager you can also consider the following projects:
LAPSforMac - Local Administrator Password Solution for Mac
passcore - A self-service password management tool for Active Directory
macOS-enterprise-privileges - For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.
laps-web - A web site for managing access to local admin passwords managed by Microsoft LAPS
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
PPPC-Utility - Privacy Preferences Policy Control (PPPC) Utility
LAPS-WebUI - A nice and simple Web Interface for LAPS (Local Administrator Password Solution)
nudge - A tool for encouraging the installation of macOS security updates.
SharpLAPS - Retrieve LAPS password from LDAP
MakeMeAnAdmin - Provides temporary admin access for a standard user via Jamf Self Service
myADMonitor - myADMonitor is an open-source Active Directory changes tracking tool
macOSLAPS vs LAPSforMac
access-manager vs passcore
macOSLAPS vs macOS-enterprise-privileges
access-manager vs laps-web
macOSLAPS vs ProfileManifestsMirror
access-manager vs pingcastle
macOSLAPS vs PPPC-Utility
access-manager vs LAPS-WebUI
macOSLAPS vs nudge
access-manager vs SharpLAPS
macOSLAPS vs MakeMeAnAdmin
access-manager vs myADMonitor